Bug 155148 - Transport mode (Host to Host) IPsec configured with system-config-network will not work
Status: CLOSED DUPLICATE of bug 155149
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: initscripts
Version: 4.0
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Bill Nottingham
Brock Organ
Reported: 2005-04-17 01:08 EDT by Michael Kearey
Modified: 2014-03-16 22:53 EDT
Doc Type: Bug Fix
Last Closed: 2005-04-17 06:07:11 EDT
Attachments
Altered ifup-ipsec file (7.48 KB, text/plain)
2005-04-17 01:39 EDT, Michael Kearey

Description Michael Kearey 2005-04-17 01:08:04 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050322 Firefox/1.0.2 Red Hat/1.0.2-1.4.1

Description of problem:
The system-config-network tool with the choices for both hosts:

Nickname: ipsec0
Host to Host Encryption
Manual with a fixed key (use the same keys in both hosts)
Provide the IP address of the end point(s) at each host

After running ifup ipsec0 on both hosts, I can see packets leaving for the IPsec host to host destination, and arriving at the destination with tcpdump. They appear to be encapsulated OK, but TCP communication seems to be impossible. It does not work.

I altered the /etc/sysconfig/network-scripts/ifup-ipsec file (see the attached one) and it now works. SPI_AH_IN and SPI_AH_OUT, and SPI_ESP_IN and SPI_ESP_OUT seem to be round the wrong way.


Version-Release number of selected component (if applicable):
initscripts-7.93.11.EL-1  

How reproducible:
Always

Steps to Reproduce:
1. Run system-config-network to configure host to host encryption
2. Do ifup ipsec0 on the two hosts
3. Try sending and receiving packets to and from the two hosts
  

Actual Results: No TCP communication through the encrypted link can happen

Expected Results: TCP communication should work

Additional info:

Note that I have not tested any other configurations, just the host to host 'transport' mode.

This affects Red Hat Enterprise Linux 3, 4 and Fedora Core.
Comment 1 Michael Kearey 2005-04-17 01:39:02 EDT
Created attachment 113277
Altered ifup-ipsec file

Full file with alterations to 'make it work'
Comment 2 Michael Kearey 2005-04-17 06:07:11 EDT

*** This bug has been marked as a duplicate of 155149 ***
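
Added example (not part of the bug report, its attachment, or initscripts): a receiver selects the inbound AH/ESP security association by the SPI carried in the packet, so with manual keying the value one host sends with must equal the value its peer expects inbound; otherwise packets are visible in tcpdump but are dropped. The checker below compares two hosts' settings for that symmetry. It assumes the settings are plain NAME=value lines, and all SPI values shown are constructed.

```python
import re

# Added illustration; only the SPI_* variable names come from the bug report.
# Each pair is (variable the sender stamps on packets, variable the receiver expects).
PAIRS = (("SPI_AH_OUT", "SPI_AH_IN"), ("SPI_ESP_OUT", "SPI_ESP_IN"))

def parse_ifcfg(text):
    """Parse shell-style NAME=value lines, skipping comments and blank lines."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_]\w*)=(.*)$", line)
        if m:
            cfg[m.group(1)] = m.group(2).strip().strip("'\"")
    return cfg

def spi_mismatches(cfg_a, cfg_b):
    """List every direction where the receiver has no inbound SPI matching the sender's."""
    problems = []
    for sender, s_cfg, r_cfg in (("A", cfg_a, cfg_b), ("B", cfg_b, cfg_a)):
        for out_var, in_var in PAIRS:
            sent, expected = s_cfg.get(out_var), r_cfg.get(in_var)
            if sent is None and expected is None:
                continue  # AH or ESP not configured on either side
            # int(x, 0) accepts both decimal and 0x-prefixed hex SPIs
            if sent is None or expected is None or int(sent, 0) != int(expected, 0):
                problems.append((sender, out_var, sent, in_var, expected))
    return problems

# Constructed sample settings (not taken from the report or its attachment).
HOST_A = """
SPI_AH_IN=0x200
SPI_AH_OUT=0x201
SPI_ESP_IN=0x300
SPI_ESP_OUT=0x301
"""
HOST_B_COPIED = HOST_A  # the same values entered on both hosts
HOST_B_MIRRORED = """
SPI_AH_IN=0x201
SPI_AH_OUT=0x200
SPI_ESP_IN=769
SPI_ESP_OUT=0x300
"""

if __name__ == "__main__":
    a = parse_ifcfg(HOST_A)
    for name, text in (("copied", HOST_B_COPIED), ("mirrored", HOST_B_MIRRORED)):
        bad = spi_mismatches(a, parse_ifcfg(text))
        print(name, "OK" if not bad else bad)
```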
